module permissions for query?

Events happening in the community are now at Drupal community events on www.drupal.org.
nicknickoli's picture
Posted by nicknickoli on April 29, 2008 at 6:56pm

Hi, can I add any custom functions to a module or, do they need to be registered in the menu system? I have some lookup routines that work fine for admin but are not called for anonymous users. I tried using the _underscore naming and that didn't allow them. template.php is in a different scope or something, nothing from there... Should they get added as menu_tasks? Thanks for any help

Categories: ,

Comments

Not for PHP functions...

Posted by jhodgdon on April 29, 2008 at 10:17pm
jhodgdon's picture

As far as I know, there is no way to restrict access to particular PHP functions in a module. If you define a function, it's defined, and can be called by any other PHP function in a theme or module.

However, there is definitely a way for your module to hook into Drupal's role-based permission system. Check and see how some of the other contributed modules do it... you basically use hook_perm to define the names for your permissions, and then hook_menu to define which of your actions have which permissions.

You can also check permissions at the top of your PHP functions... there is an example on this page: http://api.drupal.org/api/file/developer/examples/node_access_example.mo...

Hope this helps,
--Jennifer

Drupal programmer - http://poplarware.com
Drupal author - http://shop.oreilly.com/product/0636920034612.do
Drupal contributor - https://www.drupal.org/u/jhodgdon

No db_query result for anonymous users

Posted by nicknickoli on May 1, 2008 at 5:26am
nicknickoli's picture

It looks like there's something stopped at the database layer? You're right the function is called with parameters. But anonymous can access 'node content' and view it otherwise. Pulling the braces from the query and using table names still didn't let guest see a result? Here's what my code looks like

<?php
function mymodule_fetchabooknid($lookup)
{     $sql = "SELECT n.nid FROM {node} n, {book} b WHERE n.nid = b.nid AND n.vid = b.vid AND n.status = 1 AND b.parent IN (222, 242) AND n.title like '%%%s%%'";
$result = db_query(db_rewrite_sql($sql), $lookup);
if(mysql_num_rows($result) > 0) {
       $r = db_fetch_array($result);
      return $r['nid'];
    }
}
?>

Right now, the module doesn't have any access or permissions settings. Running a node_load wouldn't get anywhere because you still don't have a query result? It only runs for admins.. Thanks for your help

Looks like it's a rewrite

Posted by nicknickoli on May 4, 2008 at 10:09pm
nicknickoli's picture

Looks like it's a rewrite thing... Adding the join drupal likes opened access to anonymous users but otherwise, I had to pull out the db_rewrite_sql function --

<?php

# WORKS FOR ADMIN
$sql = "SELECT * FROM {sometable} WHERE <code>nid</code>=%d LIMIT 1";
$result = db_query(db_rewrite_sql($sql), $lookup);

# WORKS FOR ALL
$sql = "SELECT * FROM {sometable} WHERE <code>nid</code>=%d LIMIT 1";
$result = db_query($sql, $lookup);

# WORKS FOR ALL
$sql = "SELECT c.* FROM {node} n INNER JOIN {sometable} s ON c.nid = n.nid INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE s.nid=%d";
$result = db_query(db_rewrite_sql($sql), $lookup);
?>
Thanks for your help!

Seattle

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.